<?php
session_start();
$ul = trim($_POST['ul']);
$pw = trim($_POST['pw']);
if ($ul == '' or $pw == '') {
    echo "<script>alert('用户名和密码都必须要填写！');history.back();</script>";
    exit;
}
include_once "conn.php";
$sql = "select * from userinfo where username = '$ul' and pw = '" . md5($pw) . "'";
$result = mysqli_query($conn, $sql);
$num = mysqli_num_rows($result);
if ($num) {
    $info = mysqli_fetch_array($result);
    $sql = "insert into sss(userid,sj) VALUE ('" . $info['id'] . "','" . time() . "')";
    $result = mysqli_query($conn, $sql);
    if ($info['admin'] == 1) { //说明当前登录者是管理员
        echo "<script>alert('恭喜你，登录成功！');location.href='admin.php';</script>";
        $_SESSION['admin'] = 1; //管理员登录的标志
    } else {
        echo "<script>alert('恭喜你，登录成功！');location.href='xiugai.php';</script>";
        $_SESSION['admin'] = '';
    }
    $_SESSION['loggedUsername'] = $ul;
} else {
    echo "<script>alert('用户名或者密码不正确！');history.back();</script>";
    $_SESSION['loggedUsername'] = '';
}
